Jens-G opened a new pull request, #3510: URL: https://github.com/apache/thrift/pull/3510
## Summary - Removes `phantom` and `@types/phantom` from `devDependencies` in `lib/ts/package.json` - Deletes the orphan `lib/ts/test/phantom-client.ts` file (never wired into any test runner or build target) - Regenerates `lib/ts/package-lock.json`, eliminating `phantomjs-prebuilt` from the dependency tree entirely ## Background `[email protected]` pulls in `phantomjs-prebuilt` as a transitive dependency. `phantomjs-prebuilt` is an abandoned project (last release 2017) with known vulnerabilities and is flagged by `npm audit`. The qunit tests in `lib/ts` have already been migrated to puppeteer (headless Chrome) via `grunt-contrib-qunit` — all `qunit` tasks in `Gruntfile.js` use `puppeteer: { headless: true }`. The `phantom` npm package has had no active use since that migration. `lib/ts/test/phantom-client.ts` was an orphan leftover from the phantomjs era. It used the phantomjs binary runtime globals (`phantom.page.injectJs`, `phantom.exit`) which are injected by the phantomjs binary itself — the `var phantom = require("phantom")` at the top was a TypeScript workaround, not an actual runtime dependency. The file was never referenced in `Gruntfile.js`, `Makefile.am`, `tsconfig.json`, or any test runner task. Removing it alongside `@types/phantom` was necessary to avoid a TypeScript compilation failure (`tsc` picks up all `.ts` files in `test/` by default). Note: `lib/ts/test/build.xml` still references the system `phantomjs` binary for the legacy Ant-based test path. That is a separate cleanup out of scope for this PR. ## Test plan - [ ] `npm audit` in `lib/ts/` no longer reports `phantomjs-prebuilt` - [ ] `grep phantomjs lib/ts/package-lock.json` returns no matches - [ ] `npx grunt` in `lib/ts/` continues to work (qunit tests use puppeteer, unaffected) 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
